General

  • Target

    Reaper v1.6.bat

  • Size

    11.7MB

  • Sample

    240312-t1c9eaff73

  • MD5

    1159c0d5a7d15ecc9a54ec54f7b36387

  • SHA1

    75b41ead42936709e99fbae0412929072407f29a

  • SHA256

    c9238f960a054e10f25e039352e155915c7df5f3bbad0f5cfe8a5137d3e92fea

  • SHA512

    27d5bc23e59e1736f489749ec4c2488c41b60b587ca1cfdd5197f86dc5d4352cea95a1e34ac51116b5da1bc8a0935b8b68f40a71be71dadfa3d2162a1c3de208

  • SSDEEP

    49152:lewziQnH7X0gP2C3zSrl2mPVYW4weIqzsTnIkEQBKZKS9CVcZHv0nKJ/vtImOCsd:m

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.0.0.0

  • Botnet

    v3.0.6 | SeroXen

  • C2

    noshkoda-43260.portmap.io:43260

  • Mutex

    07372a96-541f-4c52-9ba0-26f4e0eea6a7

Attributes

  • encryption_key

    8C27AA7D5AF3A1EAD8247C9D937184D650AF4DF1

  • install_name

    .exe

  • log_directory

    $sxr-Logs

  • reconnect_delay

    3000

Targets

    • Quasar RAT

      Quasar is an open source Remote Access Tool.

    • Quasar payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks